NAME : Nur Hanis Bt Mohamad Rafee
MATRIC NO. : 1130437
GROUP : MSC2
TUTORIAL : 1
QUESTION :

1. What do you understand by the term Information Security?

Information security (InfoSec) is the protection of information and its critical
elements, including the systems and hardware that use, store and transmit that
information, through the application of policy, training, education and awareness
programs, and technology. It includes the broad areas of information security
management, computer and data security, and network security. The C.I.A.
triangle was the standard based on confidentiality, integrity, and availability.

2. List and explain the critical characteristics of Information.

Confidentiality : Ensures that only people with sufficient privileges and a
demonstrated need may access certain information.

Integrity : The quality or state of being whole, complete and uncorrupted. To
prevent corruption, various methods are used to ensure data integrity, such as
algorithms, hash values and error-correcting codes.

Availability : The characteristic that enables users to access information
without interference or obstruction and in a usable format.

Privacy : Information that is collected, used and stored by an organization
is intended only for the purposes stated to the data owner at the time it
was collected. The information will only be used in a way that is known to
the person providing it.

Identification : The first step in gaining access to secure material; it
serves as the foundation for subsequent authentication and authorization.

Authentication : The quality or state of being genuine or original rather
than a reproduction or copy; information is considered such when it is in the
same state as when it was created, placed, stored or transferred.

Authorization : Provides assurance that the user (whether a person or a
computer) has been specifically and explicitly authorized by the proper
authority to access, update or delete the contents of the information
assets.

Accountability : The property that ensures that the actions of an entity can
be traced solely to this entity. It guarantees that all operations carried out
by individuals, systems or processes can be identified and that the trace to the
author and the operation is kept.

3. Using the NSTISSC Security model, explain the fundamental approach of
information security.

It is now called the National Training Standard for Information Security
Professionals. The NSTISSC Security Model provides a more detailed perspective
on security. While the NSTISSC model covers the three dimensions of information
security, it omits discussion of detailed guidelines and policies that direct the
implementation of controls. Another weakness arises when the model is used with
too limited an approach, that is, when it is viewed from a single perspective.
The 3 dimensions of each axis become a 3x3x3 cube with 27 cells representing
areas that must be addressed to secure today's information systems. To ensure
system security, each of the 27 cells must be properly addressed by each of the
three communities of interest during the security process. For example, the
intersection between the technology, integrity and storage areas requires a
control or safeguard that addresses the need to use technology to protect the
integrity of information while in storage. The control might consist of a host
intrusion detection system (HIDS) which alerts the security administrators when
a critical file is modified.
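
The file-modification check that such a HIDS performs for the technology / integrity / storage cell can be sketched as follows. This is an added example, not part of the original tutorial answer; the function names, the sample file names and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Cube cell this control addresses, as named in the text above.
CELL = ("Integrity", "Storage", "Technology")

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths):
    """Record the known-good digest of each critical file."""
    return {p: sha256_file(p) for p in paths}

def check(baseline):
    """Compare current state to the baseline; return (path, status) alerts."""
    alerts = []
    for path, good in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif sha256_file(path) != good:
            alerts.append((path, "modified"))
    return alerts

def demo():
    """Constructed sample: three files, one edited and one deleted after baselining."""
    with tempfile.TemporaryDirectory() as d:
        files = {}
        for name in ("passwd", "hosts", "app.conf"):
            files[name] = os.path.join(d, name)
            with open(files[name], "w") as f:
                f.write("original contents of " + name + "\n")
        baseline = build_baseline(files.values())
        clean = check(baseline)          # nothing has changed yet
        with open(files["hosts"], "a") as f:
            f.write("unexpected line\n")  # simulate a modification
        os.remove(files["app.conf"])      # simulate a deletion
        after = [(os.path.basename(p), s) for p, s in check(baseline)]
    return clean, after

if __name__ == "__main__":
    clean, after = demo()
    print("cell:", CELL, "alerts:", after)
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise whoever alters a file can also alter its recorded digest.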